// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// pany, or more precisely, the name and pany of the person/site
// that you are generating the certificate for.
// For **L certificates, the monName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the monName will be the name of the individual who will use the
// certificate.
$dn = array(
"countryName" => "CN",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"monName" => "qq.",
"emailAddre" => "wez@example."
);
$config = array(
"digest_alg" => "sha1",
"private_key_bits" => 2048,
"private_key_type" => OPEN**L_KEYTYPE_DSA,
"encrypt_key" => false,
);
// Generate a new private (and public) key pair
$privkey = openl_pkey_new();
// Generate a certificate signing request
$csr = openl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$cert = openl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example sho how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then iue
// you with the "real" certificate.
openl_csr_export($csr, $csrout) and var_dump($csrout);
openl_x509_export($cert, $certout) and var_dump($certout);
openl_pkey_export($privkey, $pkeyout, "mypaword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openl_error_string()) !== false) {
echo $e . "\n";
}
?>